Linux TCP/IP Netfilter Devel

Thread Index

[Prev Page][Next Page]

[PATCH nf-next v2 1/4] netfilter: nft_tunnel: add nft_tunnel_mode_match function
- From: wenxu@xxxxxxxxx
[PATCH nf-next v2 3/4] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match
- From: wenxu@xxxxxxxxx
[PATCH nf-next v2 0/4] netfilter: nft_tunnel: support tunnel match expr offload
- From: wenxu@xxxxxxxxx
[PATCH libnetfilter_queue] src: Fix IPv4 checksum calculation in AF_BRIDGE packet buffer
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 4/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 3/5] netfilter: nft_tunnel: add inet type check in nft_tunnel_mode_validate
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 1/5] netfilter: nft_tunnel: add nft_tunnel_mode_validate function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 5/8] netfilter: xt_time: use time64_t
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: libnftnl: NFTA_FLOWTABLE_SIZE missing from kernel uapi headers
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl] flowtable: remove NFTA_FLOWTABLE_SIZE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] scanner: Introduce numberstring
- From: Phil Sutter <phil@xxxxxx>
libnftnl: NFTA_FLOWTABLE_SIZE missing from kernel uapi headers
- From: Eric Garver <eric@xxxxxxxxxxx>
[PATCH nf-next 2/4] netfilter: nf_flow_table_offload: add indr block setup support
- From: wenxu@xxxxxxxxx
[PATCH nf-next 4/4] netfilter: nf_flow_table_offload: add tunnel encap/decap action offload support
- From: wenxu@xxxxxxxxx
[PATCH nf-next 1/4] netfilter: nf_flow_table_offload: refactor nf_flow_table_offload_setup to support indir setup
- From: wenxu@xxxxxxxxx
[PATCH nf-next 3/4] netfilter: nf_flow_table_offload: add tunnel match offload support
- From: wenxu@xxxxxxxxx
[PATCH nf-next 0/4] netfilter: nf_flow_table_offload: support tunnel match
- From: wenxu@xxxxxxxxx
Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH nf] netfilter: ctnetlink: netns exit must wait for callbacks
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: check the bind callback failed and unbind callback if hook register failed
- From: wenxu@xxxxxxxxx
Re: [iptables PATCH 2/2] nft: Fix -Z for rules with NFTA_RULE_COMPAT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 1/2] nft: CMD_ZERO needs a rule cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: add nft_unregister_flowtable_hook()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/2] nft: Fix -Z for rules with NFTA_RULE_COMPAT
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 1/2] nft: CMD_ZERO needs a rule cache
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 2/2] nft: Fix -Z for rules with NFTA_RULE_COMPAT
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 1/2] nft: CMD_ZERO needs a rule cache
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/2] Restore rule counter zeroing
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] cache: Reduce caching for get command
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] segtree: Fix get element for little endian ranges
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next 3/4] netfilter: nf_tables: Fix check the err for FLOW_BLOCK_BIND setup call
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next 0/4] netfilter: flow_table_offload something fixes
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH net-next 0/4] netfilter: flow_table_offload something fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [net-next 1/1] netfilter: nf_tables_offload: Fix dangling extack pointer
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[net-next 1/1] netfilter: nf_tables_offload: Fix dangling extack pointer
- From: Saeed Mahameed <saeedm@xxxxxxxxxxxx>
[nft PATCH] cache: Reduce caching for get command
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] segtree: Fix get element for little endian ranges
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next 3/3] netfilter: nf_tables_offload: undo updates if transaction fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/3] netfilter: nf_tables_offload: release flow_rule on error from commit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_tables_offload: remove reference to flow rule from deletion path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
Re: [nft PATCH] evaluate: Reject set references in mapping LHS
- From: Phil Sutter <phil@xxxxxx>
Re: [nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING
- From: Phil Sutter <phil@xxxxxx>
Re: ipset bitmap:port question
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] segtree: Check ranges when deleting elements
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] evaluate: Reject set references in mapping LHS
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_queue] src: Make sure pktb_alloc() works for IPv6 over AF_BRIDGE
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
libnetfilter_queue git pull has stopped working
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH mlx5-next 0/7] netfilter flowtable hardware offload support
- From: Saeed Mahameed <saeedm@xxxxxxxxxxxx>
[PATCH nf-next 2/2] netfilter: nf_flow_table_offload: add IPv6 support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: nf_flow_table_offload: add flow_action_entry_next() and use it
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] evaluate: Reject set references in mapping LHS
- From: Phil Sutter <phil@xxxxxx>
[PATCH][v2] netfilter: only call csum_tcpudp_magic for TCP/UDP packets
- From: Li RongQing <lirongqing@xxxxxxxxx>
[PATCH net-next 3/4] netfilter: nf_tables: Fix check the err for FLOW_BLOCK_BIND setup call
- From: wenxu@xxxxxxxxx
[PATCH net-next 4/4] netfilter: nf_tables_api: Fix UNBIND setup in the nft_flowtable_event
- From: wenxu@xxxxxxxxx
[PATCH net-next 0/4] netfilter: flow_table_offload something fixes
- From: wenxu@xxxxxxxxx
[PATCH net-next 1/4] netfilter: flow_table_offload: Fix check ndo_setup_tc when setup_block
- From: wenxu@xxxxxxxxx
[PATCH net-next 2/4] netfilter: flow_table_core: remove unnecessary parameter in flow_offload_fill_dir
- From: wenxu@xxxxxxxxx
[PATCH nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event
- From: wenxu@xxxxxxxxx
Re: [PATCH net-next 0/6] netfilter flowtable hardware offload
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH AUTOSEL 4.19 195/209] netfilter: nft_compat: do not dump private area
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 105/115] netfilter: nft_compat: do not dump private area
- From: Sasha Levin <sashal@xxxxxxxxxx>
答复: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets
- From: "Li,Rongqing" <lirongqing@xxxxxxxxx>
Re: [PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [nft PATCH] evaluate: Reject set references in mapping LHS
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 3/4] tests: add meta time test cases
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] evaluate: Reject set references in mapping LHS
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] meta: Rewrite hour_type_print()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue 0/2] Miscellaneous fixes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] tests: add meta time test cases
- From: Phil Sutter <phil@xxxxxx>
Re: [conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 0/1] ipset patches for nf-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH mlx5-next 7/7] net/mlx5: TC: Offload flow table rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] tests: add meta time test cases
- From: Florian Westphal <fw@xxxxxxxxx>
[nft PATCH] segtree: Check ranges when deleting elements
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] meta: Rewrite hour_type_print()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target
- From: manojbm@xxxxxxxxxxxxxx
Re: [PATCH nft 3/4] tests: add meta time test cases
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target
- From: manojbm@xxxxxxxxxxxxxx
Re: ipv6 forward rule after prerouting - Howto
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
[nf-next PATCH] net: netfilter: Support iif matches in POSTROUTING
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH 1/2] files: Drop shebangs from config files
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: [nft PATCH 1/2] files: Drop shebangs from config files
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH 1/2] files: Drop shebangs from config files
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH 2/2] files: Install sample scripts from files/examples
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: [PATCH] netfilter: xtables: Add snapshot of hardidletimer target
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: [PATCH mlx5-next 7/7] net/mlx5: TC: Offload flow table rules
- From: Saeed Mahameed <saeedm@xxxxxxxxxxxx>
[PATCH mlx5-next 1/7] net/mlx5: Simplify fdb chain and prio eswitch defines
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 4/7] net/mlx5: Accumulate levels for chains prio namespaces
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 6/7] net/mlx5: Add new chain for netfilter flow table offload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 3/7] net/mlx5: Define fdb tc levels per prio
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 7/7] net/mlx5: TC: Offload flow table rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 5/7] net/mlx5: Refactor creating fast path prio chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 2/7] net/mlx5: Rename FDB_* tc related defines to FDB_TC_* defines
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH mlx5-next 0/7] netfilter flowtable hardware offload support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 5/6] netfilter: nf_tables: add flowtable offload control plane
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 6/6] netfilter: nf_flow_table: hardware offload support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 4/6] netfilter: nf_flow_table: detach routing information from flow description
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 1/6] netfilter: nf_flow_table: move conntrack object to struct flow_offload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 3/6] netfilter: nf_flowtable: remove flow_offload_entry structure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 2/6] netfilter: nf_flow_table: remove union from flow_offload structure
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next 0/6] netfilter flowtable hardware offload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: UAF in ip6_do_table on 4.19 kernel
- From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
UAF in ip6_do_table on 4.19 kernel
- From: stranche@xxxxxxxxxxxxxx
[conntrack-tools PATCH] helpers: Fix for warning when compiling against libtirpc
- From: Phil Sutter <phil@xxxxxx>
[conntrack-tools PATCH] Makefile.am: Use ${} instead of @...@
- From: Phil Sutter <phil@xxxxxx>
[PATCH] netfilter: xtables: Add snapshot of hardidletimer target
- From: Manoj Basapathi <manojbm@xxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 0/2] Miscellaneous fixes
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 1/2] src: pktb_trim() was not updating tail after updating len
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 2/2] src: Make sure pktb_alloc() works for AF_INET6 since we document that it does
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH AUTOSEL 4.19 183/191] netfilter: masquerade: don't flush all conntracks if only one address deleted on device
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 4.14 105/109] netfilter: masquerade: don't flush all conntracks if only one address deleted on device
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic
- From: Phil Sutter <phil@xxxxxx>
[PATCH] netfilter: only call csum_tcpudp_magic for TCP/UDP packets
- From: Li RongQing <lirongqing@xxxxxxxxx>
[PATCH 09/16] netfilter: nft_meta: use 64-bit time arithmetic
- From: Arnd Bergmann <arnd@xxxxxxxx>
[PATCH 00/16] drivers: y2038 updates
- From: Arnd Bergmann <arnd@xxxxxxxx>
[PATCH 5/8] netfilter: xt_time: use time64_t
- From: Arnd Bergmann <arnd@xxxxxxxx>
[PATCH 0/8] y2038: bug fixes from y2038 work
- From: Arnd Bergmann <arnd@xxxxxxxx>
Re: [PATCH ghak90 V7 04/21] audit: convert to contid list to check for orch/engine ownership
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 06/21] audit: contid limit of 32k imposed to avoid DoS
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 08/21] audit: add contid support for signalling the audit daemon
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH AUTOSEL 4.19 203/205] netfilter: nf_tables: avoid BUG_ON usage
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH nf-next,RFC 0/5] Netfilter egress hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
KCSAN: data-race in pcpu_alloc / pcpu_free_area (2)
- From: syzbot <syzbot+0b3bfb9cbec193033650@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [nft PATCH 2/2] files: Install sample scripts from files/examples
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH 2/2] files: Install sample scripts from files/examples
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH 2/2] files: Install sample scripts from files/examples
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 1/2] files: Drop shebangs from config files
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] conntrackd UDP IPv6 destination address not usable (Bug 1378)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: ipv6 forward rule after prerouting - Howto
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
[PATCH] conntrackd UDP IPv6 destination address not usable (Bug 1378)
- From: Jan-Martin Raemer <raemer@xxxxxxxxxx>
Re: [PATCH 0/9] Netfilter fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16().
- From: Praveen Chaudhary <praveen5582@xxxxxxxxx>
[PATCH v3] [net]: Fix skb->csum update in inet_proto_csum_replace16().
- From: Praveen Chaudhary <praveen5582@xxxxxxxxx>
Re: [nft PATCH] doc: Drop incorrect requirement for nft configs
- From: Phil Sutter <phil@xxxxxx>
RE: [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet.
- From: Praveen Chaudhary <praveen5582@xxxxxxxxx>
Re: [nft PATCH] doc: Drop incorrect requirement for nft configs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] doc: Drop incorrect requirement for nft configs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: ipv6 forward rule after prerouting - Howto
- From: Phil Sutter <phil@xxxxxx>
ipv6 forward rule after prerouting - Howto
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
Re: [PATCH] src: add `set_is_meter` helper.
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] doc: Drop incorrect requirement for nft configs
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH v2] libnftables: Store top_scope in struct nft_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH v2] libnftables: Store top_scope in struct nft_ctx
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 0/7] Improve xtables-restore performance
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] doc: Drop incorrect requirement for nft configs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] src: flowtable: add support for delete command by handle
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnftnl] flowtable: add support for handle attribute
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/9] netfilter: nf_tables_offload: check for register data length mismatches
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/9] netfilter: ipset: Fix an error code in ip_set_sockfn_get()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 4/9] netfilter: ipset: Fix nla_policies to fully support NL_VALIDATE_STRICT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 6/9] netfilter: nf_tables: fix unexpected EOPNOTSUPP error
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 9/9] netfilter: nf_tables_offload: skip EBUSY on chain update
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 8/9] netfilter: nf_tables: bogus EOPNOTSUPP on basechain update
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/9] netfilter: nf_tables: Align nft_expr private data to 64-bit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 7/9] bridge: ebtables: don't crash when using dnat target in output chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/9] netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/9] Netfilter fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 0/7] Improve xtables-restore performance
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next 0/2] icmp: move duplicate code in helper functions
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH nft] src: add `set_is_meter` helper.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH] src: add `set_is_meter` helper.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[nft PATCH] doc: Drop incorrect requirement for nft configs
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] src: flowtable: add support for delete command by handle
- From: Eric Jallot <ejallot@xxxxxxxxx>
[PATCH libnftnl] flowtable: add support for handle attribute
- From: Eric Jallot <ejallot@xxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: fix unexpected EOPNOTSUPP error
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 0/3] ipset patches for nf
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: doc: Eliminate doxygen warnings from ipv{4,6}.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: doc: Fix spelling of CTA_LABELS in examples/nf-queue.c
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue 0/2] src: doc: Main Page updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnfnetlink v3 2/2] Make it clear that this library is deprecated
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnfnetlink v3 1/2] Minimally resurrect doxygen documentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 2/2] netfilter: nf_tables_offload: skip EBUSY on chain update
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf 1/2] netfilter: nf_tables: bogus EOPNOTSUPP on basechain update
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nft_payload: add C-VLAN support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains
- From: Florian Westphal <fw@xxxxxxxxx>
Re: ebtables dnat rule gets system frozen
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH libnetfilter_queue] src: doc: Eliminate doxygen warnings from ipv{4,6}.c
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
ebtables dnat rule gets system frozen
- From: Tom Yan <tom.ty89@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
- From: kbuild test robot <lkp@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH libnetfilter_queue] src: doc: Fix spelling of CTA_LABELS in examples/nf-queue.c
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH nft] tests: add stateful object update operation test
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH nf] netfilter: nf_tables: fix unexpected EOPNOTSUPP error
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
[PATCH nf-next,v2] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnetfilter_queue 2/2] src: doc: Update the Main Page to be nft-focussed
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 0/2] src: doc: Main Page updates
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue 1/2] src: whitespace: Eliminate useless spaces before tabs
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
"Sets" element cannot update "struct proto_ctx"
- From: Ttttabcd <ttttabcd@xxxxxxxxxxxxxx>
[PATCH net-next 2/2] icmp: remove duplicate code
- From: Matteo Croce <mcroce@xxxxxxxxxx>
[PATCH net-next 1/2] icmp: add helpers to recognize ICMP error packets
- From: Matteo Croce <mcroce@xxxxxxxxxx>
[PATCH net-next 0/2] icmp: move duplicate code in helper functions
- From: Matteo Croce <mcroce@xxxxxxxxxx>
[PATCH 0/1] ipset patches for nf-next
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 1/1] netfilter: ipset: Add wildcard support to net,iface
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 2/3] netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 3/3] netfilter: ipset: Fix nla_policies to fully support NL_VALIDATE_STRICT
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 1/3] netfilter: ipset: Fix an error code in ip_set_sockfn_get()
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[PATCH 0/3] ipset patches for nf
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[ANNOUNCE] ipset 7.4 released
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Steve Grubb <sgrubb@xxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: nf_tables: fix possible null-pointer dereference in object update
- From: Fernando Fernández Mancera <ffmancera@xxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: nf_tables: fix possible null-pointer dereference in object update
- From: Eric Garver <eric@xxxxxxxxxxx>
Re: Nat redirect using map
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: nf_tables: fix possible null-pointer dereference in object update
- From: Fernando Fernández Mancera <ffmancera@xxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: nf_tables: fix possible null-pointer dereference in object update
- From: Eric Garver <eric@xxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook
- From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Re: Nat redirect using map
- From: Florian Westphal <fw@xxxxxxxxx>
Nat redirect using map
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
[nft PATCH] evaluate: Reject set references in mapping LHS
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v3 0/7] Improve xtables-restore performance
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next 1/2] netfilter: nft_payload: simplify vlan header handling
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next 2/2] netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr()
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH v3 0/7] Improve xtables-restore performance
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 00/12] Implement among match support
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next 2/2] netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/2] netfilter: nft_payload: simplify vlan header handling
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 0/2] Revisit vlan support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Steve Grubb <sgrubb@xxxxxxxxxx>
Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
Re: [iptables PATCH v3 00/12] Implement among match support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
Re: [iptables PATCH v3 00/12] Implement among match support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,RFC] src: Support netdev egress hook
- From: Lukas Wunner <lukas@xxxxxxxxx>
Re: [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next,RFC 5/5] netfilter: Introduce egress hook
- From: Lukas Wunner <lukas@xxxxxxxxx>
Re: [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 3/5] netfilter: Rename ingress hook include file
- From: Lukas Wunner <lukas@xxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH nf-next,RFC 4/5] netfilter: Generalize ingress hook
- From: Lukas Wunner <lukas@xxxxxxxxx>
[PATCH nf-next,RFC 2/5] netfilter: Document ingress hook
- From: Lukas Wunner <lukas@xxxxxxxxx>
[PATCH nf-next,RFC 1/5] netfilter: Clean up unnecessary #ifdef
- From: Lukas Wunner <lukas@xxxxxxxxx>
Re: [libnftnl PATCH 2/2] Deprecate untyped data setters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 2/2] Deprecate untyped data setters
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next,RFC 0/5] Netfilter egress hook
- From: Lukas Wunner <lukas@xxxxxxxxx>
Re: [libnftnl PATCH 1/1] flowtable: Fix symbol export for clang
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] doc: fix missing family in plural forms list command.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] src: flowtable: add support for named flowtable listing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 2/2] Deprecate untyped data setters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data()
- From: Phil Sutter <phil@xxxxxx>
[tip: core/rcu] net/netfilter: Replace rcu_swap_protected() with rcu_replace_pointer()
- From: "tip-bot2 for Paul E. McKenney" <tip-bot2@xxxxxxxxxxxxx>
Re: [PATCH] ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
Re: ipset make modules_install always fail unless module already loaded?
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
nft: secmark output not understood by parser
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit
- From: Lukas Wunner <lukas@xxxxxxxxx>
[PATCH nf] netfilter: nf_tables: Align nft_expr private data to 64-bit
- From: Lukas Wunner <lukas@xxxxxxxxx>
Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
[libnftnl PATCH 1/1] flowtable: Fix symbol export for clang
- From: Marvin Schmidt <marvin_schmidt@xxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[nft PATCH v2] libnftables: Store top_scope in struct nft_ctx
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] libnftables: Store top_scope in struct nft_ctx
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH ghak90 V7 14/21] audit: contid check descendancy and nesting
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
[PATCH nft] doc: fix missing family in plural forms list command.
- From: Eric Jallot <ejallot@xxxxxxxxx>
[libnftnl PATCH 2/2] Deprecate untyped data setters
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH 1/2] libnftnl.map: Export nftnl_{obj,flowtable}_set_data()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 11/12] nft: Support parsing lookup expression
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 00/12] Implement among match support
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 08/12] nft: Support NFT_COMPAT_SET_ADD
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 09/12] nft: Bore up nft_parse_payload()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 10/12] nft: Embed rule's table name in nft_xt_ctx
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 05/12] nft: Keep nft_handle pointer in nft_xt_ctx
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 06/12] nft: Eliminate pointless calls to nft_family_ops_lookup()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 12/12] nft: bridge: Rudimental among extension support
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] src: flowtable: add support for named flowtable listing
- From: Eric Jallot <ejallot@xxxxxxxxx>
Rearranging expressions in the rule
- From: "Serguei Bezverkhi (sbezverk)" <sbezverk@xxxxxxxxx>
Re: [nft PATCH] mnl: Replace use of untyped nftnl data setters
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] mnl: Replace use of untyped nftnl data setters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [conntrack-tools PATCH] docs: refresh references to /proc/net/core/rmem_default
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[conntrack-tools PATCH] docs: refresh references to /proc/net/core/rmem_default
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
Re: Documentation question
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Documentation question
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: Documentation question
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Documentation question
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: Conntrack offload questions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v2 00/10] Reduce code size around arptables-nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH net-next] inet: do not call sublist_rcv on empty list
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt()
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt()
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
ipset make modules_install always fail unless module already loaded?
- From: Oskar Berggren <oskar.berggren@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only
- From: Edward Cree <ecree@xxxxxxxxxxxxxx>
[PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet.
- From: Praveen Chaudhary <praveen5582@xxxxxxxxx>
[PATCH v2] [netfilter]: Fix skb->csum calculation when netfilter manipulation for NF_NAT_MANIP_SRC\DST is done on IPV6 packet.
- From: Praveen Chaudhary <praveen5582@xxxxxxxxx>
Re: [PATCH net-next] inet: do not call sublist_rcv on empty list
- From: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx>
[nft PATCH] mnl: Replace use of untyped nftnl data setters
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH] tests/py: Fix test script for Python3 tempfile
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] tests/py: Fix test script for Python3 tempfile
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf-next] netfilter: nf_tables_offload: allow ethernet interface type only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
libnftnl: Attribute and data length validation for objects
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH net-next] inet: do not call sublist_rcv on empty list
- From: Leon Romanovsky <leon@xxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH net-next] inet: do not call sublist_rcv on empty list
- From: Florian Westphal <fw@xxxxxxxxx>
general protection fault in ip6_sublist_rcv
- From: syzbot <syzbot+c54f457cad330e57e967@xxxxxxxxxxxxxxxxxxxxxxxxx>
[nft PATCH] mnl: Replace use of untyped nftnl data setters
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH trivial] net: Fix various misspellings of "connect"
- From: David Miller <davem@xxxxxxxxxxxxx>
[iptables PATCH v2 00/10] Reduce code size around arptables-nft
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 05/10] xtables-arp: Drop generic_opt_check()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 06/10] Replace TRUE/FALSE with true/false
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 08/10] xtables-arp: Drop some unused variables
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 02/10] xshared: Share a common add_command() implementation
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 03/10] xshared: Share a common implementation of parse_rulenumber()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 07/10] xtables-arp: Integrate OPT_* defines into xshared.h
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 09/10] xtables-arp: Use xtables_parse_interface()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 01/10] ip6tables, xtables-arp: Drop unused struct pprot
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 10/10] nft-arp: Use xtables_print_mac_and_mask()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v2 04/10] Merge CMD_* defines
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nft_meta: offload support for interface index
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 00/10] Reduce code size around arptables-nft
- From: Phil Sutter <phil@xxxxxx>
Re: nftables: secmark support
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Re: [iptables PATCH 00/10] Reduce code size around arptables-nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf,v2] netfilter: nf_tables_offload: check for register data length mismatches
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] netfilter: nf_tables_offload: check for register data length mismatches
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[iptables PATCH 04/10] Merge CMD_* defines
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 06/10] Replace TRUE/FALSE with true/false
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 00/10] Reduce code size around arptables-nft
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 07/10] xtables-arp: Integrate OPT_* defines into xshared.h
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 10/10] nft-arp: Use xtables_print_mac_and_mask()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 08/10] xtables-arp: Drop some unused variables
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 02/10] xshared: Share a common add_command() implementation
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 03/10] xshared: Share a common implementation of parse_rulenumber()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 01/10] ip6tables, xtables-arp: Drop unused struct pprot
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 05/10] xtables-arp: Drop generic_opt_check()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 09/10] xtables-arp: Use xtables_parse_interface()
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf] netfilter: nft_cmp: check for register data length mismatches
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 04/21] audit: convert to contid list to check for orch/engine ownership
- From: Neil Horman <nhorman@xxxxxxxxxxxxx>
Re: [PATCH 0/5] Netfilter/IPVS fixes for net
- From: David Miller <davem@xxxxxxxxxxxxx>
[PATCH 4/5] ipvs: move old_secure_tcp into struct netns_ipvs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 5/5] netfilter: nft_payload: fix missing check for matching length in offloads
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 3/5] ipvs: don't ignore errors in case refcounting ip_vs module fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/5] netfilter: nf_flow_table: set timeout before insertion into hashes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 2/5] netfilter: nf_tables_offload: restore basechain deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 0/5] Netfilter/IPVS fixes for net
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next 2/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match
- From: kbuild test robot <lkp@xxxxxxxxx>
[PATCH libnfnetlink v3 0/2] Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnfnetlink v3 1/2] Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnfnetlink v3 2/2] Make it clear that this library is deprecated
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnetfilter_queue] src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt()
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH 00/31] Netfilter/IPVS updates for net-next
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH AUTOSEL 5.3 49/99] netfilter: conntrack: avoid possible false sharing
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 06/31] netfilter: ipset: move function to ip_set_bitmap_ip.c.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 02/31] netfilter: ipset: remove inline from static functions in .c files.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 04/31] netfilter: ipset: move functions to ip_set_core.c.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 08/31] ipvs: no need to update skb route entry for local destination packets.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 10/31] ipvs: batch __ip_vs_dev_cleanup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 12/31] selftests: netfilter: add ipvs nat test case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 11/31] selftests: netfilter: add ipvs test script
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 16/31] netfilter: conntrack: free extension area immediately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 19/31] netfilter: nf_flow_table: move priority to struct nf_flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 21/31] netfilter: nf_tables: allow netdevice to be used only once per flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 22/31] netfilter: nf_tables: increase maximum devices number per flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 23/31] netfilter: nf_tables_offload: add nft_flow_block_chain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 25/31] netfilter: nf_tables_offload: add nft_flow_cls_offload_setup()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 20/31] netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 24/31] netfilter: nf_tables_offload: Pass callback list to nft_setup_cb_call()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 27/31] netfilter: nf_tables: support for multiple devices per netdev hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 29/31] netfilter: nf_tables_offload: add nft_chain_offload_cmd()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 30/31] netfilter: nf_tables_offload: add nft_flow_block_offload_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 31/31] netfilter: nf_tables_offload: unbind if multi-device binding fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 17/31] netfilter: add and use nf_hook_slow_list()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 18/31] netfilter: nft_tproxy: Fix typo in IPv6 module description.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 28/31] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 26/31] netfilter: nf_tables_offload: remove rules on unregistered device only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 15/31] netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 14/31] netfilter: ecache: document extension area access rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 13/31] selftests: netfilter: add ipvs tunnel test case
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 09/31] ipvs: batch __ip_vs_cleanup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 07/31] netfilter: ipset: move ip_set_get_ip_port() to ip_set_bitmap_port.c.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 03/31] netfilter: ipset: move ip_set_comment functions from ip_set.h to ip_set_core.c.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 05/31] netfilter: ipset: make ip_set_put_flags extern.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 01/31] netfilter: ipset: add a coding-style fix to ip_set_ext_destroy.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 00/31] Netfilter/IPVS updates for net-next
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] mnl: remove artifical cap on 8 devices per flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v3] src: add multidevice support for netdev chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft,v2] src: add multidevice support for netdev chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft,v2] src: add multidevice support for netdev chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl,v2] chain: multi-device support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl,v2] flowtable: device array dynamic allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/2] xshared: Introduce struct argv_store
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 1/2] iptables-xml: Use add_param_to_argv()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [GIT PULL] IPVS fixes for v5.4
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnfnetlink v2 2/2] Make it clear that this library is deprecated
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnfnetlink v2 1/2] Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
[PATCH libnfnetlink v2 0/2] Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 04/21] audit: convert to contid list to check for orch/engine ownership
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [iptables PATCH] xtables-arp: Use xtables_ipparse_multiple()
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH ghak90 V7 06/21] audit: contid limit of 32k imposed to avoid DoS
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 04/21] audit: convert to contid list to check for orch/engine ownership
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 05/21] audit: log drop of contid on exit of last task
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 08/21] audit: add contid support for signalling the audit daemon
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[iptables PATCH] xtables-arp: Use xtables_ipparse_multiple()
- From: Phil Sutter <phil@xxxxxx>
[PATCH AUTOSEL 5.3 11/33] netfilter: conntrack: avoid possible false sharing
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH AUTOSEL 5.3 16/33] netfilter: connlabels: prefer static lock initialiser
- From: Sasha Levin <sashal@xxxxxxxxxx>
[PATCH 2/2] ipvs: move old_secure_tcp into struct netns_ipvs
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH 1/2] ipvs: don't ignore errors in case refcounting ip_vs module fails
- From: Simon Horman <horms@xxxxxxxxxxxx>
[GIT PULL] IPVS fixes for v5.4
- From: Simon Horman <horms@xxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables_offload: support offload iif types meta offload
- From: wenxu@xxxxxxxxx
Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH trivial] net: Fix various misspellings of "connect"
- From: Simon Horman <horms@xxxxxxxxxxxx>
Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events
- From: syzbot <syzbot+c7aabc9fe93e7f3637ba@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 14/21] audit: contid check descendancy and nesting
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: KASAN: use-after-free Read in nf_ct_deliver_cached_events
- From: syzbot <syzbot+c7aabc9fe93e7f3637ba@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 06/21] audit: contid limit of 32k imposed to avoid DoS
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[iptables PATCH v3 3/7] xtables-restore: Introduce line parsing function
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 0/7] Improve xtables-restore performance
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 7/7] tests: shell: Add ipt-restore/0007-flush-noflush_0
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 6/7] xtables-restore: Improve performance of --noflush operation
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 2/7] xtables-restore: Introduce struct nft_xt_restore_state
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 4/7] xtables-restore: Remove some pointless linebreaks
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 5/7] xtables-restore: Allow lines without trailing newline character
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH v3 1/7] xtables-restore: Integrate restore callbacks into struct nft_xt_restore_parse
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft 2/4] py: add missing output flags.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH trivial] net: Fix various misspellings of "connect"
- From: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
Re: [PATCH nft 2/4] py: add missing output flags.
- From: Phil Sutter <phil@xxxxxx>
[PATCH trivial] net: Fix various misspellings of "connect"
- From: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
Re: How to implement transparent proxy in bridge through nftables
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next 5/5] netfilter: nft_tunnel: add nft_tunnel_get_offload support
- From: wenxu@xxxxxxxxx
[PATCH nf-next 2/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV4_SRC/DST match
- From: wenxu@xxxxxxxxx
[PATCH nf-next 3/5] netfilter: nft_tunnel: add inet type check in nft_tunnel_mode_validate
- From: wenxu@xxxxxxxxx
[PATCH nf-next 4/5] netfilter: nft_tunnel: support NFT_TUNNEL_IPV6_SRC/DST match
- From: wenxu@xxxxxxxxx
[PATCH nf-next 0/5] netfilter: nft_tunnel: support tunnel match expr offload
- From: wenxu@xxxxxxxxx
[PATCH nf-next 1/5] netfilter: nft_tunnel: add nft_tunnel_mode_validate function
- From: wenxu@xxxxxxxxx
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next v6 0/8] netfilter: nf_tables_offload: support tunnel offload
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nft 2/4] py: add missing output flags.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables_offload: Fix unbind devices when subsequent device bind failed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/4] py: add missing output flags.
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf] netfilter: nft_payload: fix check the match len for offload to hw
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/3] netfilter: nf_tables_offload: add nft_flow_block_offload_init()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/3] netfilter: nf_tables_offload: unbind if multi-device binding fails
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/3] netfilter: nf_tables_offload: add nft_chain_offload_cmd()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/4] py: add missing output flags.
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Phil Sutter <phil@xxxxxx>
Re: How to implement transparent proxy in bridge through nftables
- From: Ttttabcd <ttttabcd@xxxxxxxxxxxxxx>
[PATCH nf] netfilter: nft_payload: fix check the match len for offload to hw
- From: wenxu@xxxxxxxxx
[PATCH nf-next] netfilter: nf_tables_offload: Fix unbind devices when subsequent device bind failed
- From: wenxu@xxxxxxxxx
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 4/4] main: remove duplicate output flag assignment.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 3/4] main: add missing `OPT_NUMERIC_PROTO` long option.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 2/4] py: add missing output flags.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft 1/4] doc: add missing output flag documentation.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support
- From: wenxu <wenxu@xxxxxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] Revert "main: Fix for misleading error with negative chain priority"
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH libnfnetlink 1/1] src: Minimally resurrect doxygen documentation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone
- From: Tonghao Zhang <xiangxia.m.yue@xxxxxxxxx>
Re: [PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH] xtables-restore: Unbreak *tables-restore
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH net-next] netfilter: nf_conntrack: introduce conntrack limit per-zone
- From: xiangxia.m.yue@xxxxxxxxx
Re: [PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nf-next,RFC 2/2] netfilter: nf_tables: add encapsulation support
- From: wenxu <wenxu@xxxxxxxxx>
[PATCH nft 1/4] doc: add missing output flag documentation.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft 4/4] main: remove duplicate output flag assignment.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft 3/4] main: add missing `OPT_NUMERIC_PROTO` long option.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft 2/4] py: add missing output flags.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft 0/4] Output Flag Fixes
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[PATCH tip/core/rcu 08/10] net/netfilter: Replace rcu_swap_protected() with rcu_replace()
- From: paulmck@xxxxxxxxxx
Re: nftables: secmark support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks
- From: Florian Westphal <fw@xxxxxxxxx>
nftables: secmark support
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
[PATCH nf-next,RFC 1/2] netfilter: nf_tables: add decapsulation support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 2/2] netfilter: nf_tables: add encapsulation support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next,RFC 0/2] nf_tables encapsulation/decapsulation support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
KASAN: use-after-free Read in nf_ct_deliver_cached_events
- From: syzbot <syzbot+c7aabc9fe93e7f3637ba@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: How to implement transparent proxy in bridge through nftables
- From: Florian Westphal <fw@xxxxxxxxx>
How to implement transparent proxy in bridge through nftables
- From: Ttttabcd <ttttabcd@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Neil Horman <nhorman@xxxxxxxxxxxxx>
Re: [PATCH nft v3 0/2] Add option to omit sets elements from listings.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[iptables PATCH] xtables-restore: Unbreak *tables-restore
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft v3 0/2] Add option to omit sets elements from listings.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[PATCH nft v3 1/2] src: use `-T` as the short option for `--numeric-time`.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft v3 2/2] src: add --terse to suppress output of set elements.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft v3 0/2] Add option to omit sets elements from listings.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Paul Moore <paul@xxxxxxxxxxxxxx>
Re: [nft PATCH] main: Fix for misleading error with negative chain priority
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] main: Fix for misleading error with negative chain priority
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft v2] src: extend --stateless to suppress output of non-dynamic set elements.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft v2] src: extend --stateless to suppress output of non-dynamic set elements.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
Re: [PATCH nft] main: misleading error reporting in chain definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] parser_json: Fix checking of parse_policy() return code
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH] tproxy: Add missing error checking when parsing from netlink
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nft] main: misleading error reporting in chain definitions
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] main: misleading error reporting in chain definitions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[nft PATCH] parser_json: Fix checking of parse_policy() return code
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH] tproxy: Add missing error checking when parsing from netlink
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v2] xtables-restore: Fix --table parameter check
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH v2] xtables-restore: Fix --table parameter check
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft] src: extend --stateless to suppress output of non-dynamic set elements.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nft] src: extend --stateless to suppress output of non-dynamic set elements.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
CFS for Netdev 0x14 open!
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Re: [PATCH nf v2] ipvs: don't ignore errors in case refcounting ip_vs module fails
- From: Julian Anastasov <ja@xxxxxx>
Re: xtables-addons akmods Builds Failing on Linux Kernel 5.3.6 - Log Sample - xt_DHCPMAC.c
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
xtables-addons akmods Builds Failing on Linux Kernel 5.3.6 - Log Sample - xt_DHCPMAC.c
- From: Matt Olson <lkml@xxxxxxxxxxxxxxxxxxx>
[PATCH nf-next,v2 5/5] netfilter: nf_tables: support for multiple devices per netdev hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf v2] ipvs: don't ignore errors in case refcounting ip_vs module fails
- From: Davide Caratti <dcaratti@xxxxxxxxxx>
Re: [iptables PATCH] xtables-restore: Fix --table parameter check
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] xtables-restore: Fix --table parameter check
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
- From: Richard Guy Briggs <rgb@xxxxxxxxxx>
[PATCH AUTOSEL 4.19 016/100] netfilter: ipset: Make invalid MAC address checks consistent
- From: Sasha Levin <sashal@xxxxxxxxxx>
Re: [iptables PATCH] xtables-restore: Fix --table parameter check
- From: Florian Westphal <fw@xxxxxxxxx>
[iptables PATCH 1/2] iptables-xml: Use add_param_to_argv()
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/2] xshared: Introduce struct argv_store
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] xtables-restore: Fix --table parameter check
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH] xtables-restore: Fix --table parameter check
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH] xtables-restore: Fix --table parameter check
- From: Phil Sutter <phil@xxxxxx>
[PATCH nf] netfilter: nf_tables_offload: restore basechain deletion
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nf-next v2] netfilter: nf_tables: add vlan support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add vlan support
- From: Florian Westphal <fw@xxxxxxxxx>
[PATCH nf-next v2] netfilter: nf_tables: add vlan support
- From: wenxu@xxxxxxxxx
Re: [PATCH nf-next] netfilter: nf_tables: add vlan support
- From: wenxu <wenxu@xxxxxxxxx>
Re: [PATCH nf-next] netfilter: nf_tables: add vlan support
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next] netfilter: nf_tables: add vlan support
- From: wenxu@xxxxxxxxx
Re: [iptables PATCH 6/8] xtables-restore: Drop pointless newargc reset
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft] src: add multidevice support for netdev chain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl 2/2] chain: multi-device support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH libnftnl 1/2] flowtable: device array dynamic allocation
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 8/8] xtables-restore: Drop chain_list callback
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 7/8] xtables-restore: Drop local xtc_ops instance
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 6/8] xtables-restore: Drop pointless newargc reset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 5/8] iptables-restore: Constify struct iptables_restore_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 4/8] xtables-restore: Constify struct nft_xt_restore_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 2/8] xtables-restore: Use xt_params->program_name
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH 1/8] xtables-restore: Treat struct nft_xt_restore_parse as const
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[iptables PATCH 1/8] xtables-restore: Treat struct nft_xt_restore_parse as const
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 3/8] xtables-restore: Introduce rule counter tokenizer function
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 8/8] xtables-restore: Drop chain_list callback
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 5/8] iptables-restore: Constify struct iptables_restore_cb
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 0/8] A bit of *tables-restore review fallout
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 4/8] xtables-restore: Constify struct nft_xt_restore_cb
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 7/8] xtables-restore: Drop local xtc_ops instance
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 6/8] xtables-restore: Drop pointless newargc reset
- From: Phil Sutter <phil@xxxxxx>
[iptables PATCH 2/8] xtables-restore: Use xt_params->program_name
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft,v2] src: restore --echo with anonymous sets
- From: Phil Sutter <phil@xxxxxx>
[PATCH nft,v2] src: restore --echo with anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: David Miller <davem@xxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Edward Cree <ecree@xxxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Edward Cree <ecree@xxxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Jakub Kicinski <jakub.kicinski@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nft] src: restore --echo with anonymous sets
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft] src: restore --echo with anonymous sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Phil Sutter <phil@xxxxxx>
Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets
- From: Phil Sutter <phil@xxxxxx>
Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 3/4] tests/monitor: Fix for changed ct timeout format
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 1/4] monitor: Add missing newline to error message
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 2/2,v2] flowtable: fix memleak in exit path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nft 1/2] src: define flowtable device compound as a list
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Phil Sutter <phil@xxxxxx>
Re: [PATCH nf-next] netfilter: ecache: document extension area access rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH trivial] netfilter: nft_tproxy: Fix typo in IPv6 module description.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 nf-next] netfilter: add and use nf_hook_slow_list()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH v2 nf-next 0/2] netfilter: conntrack: free extension area immediately
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 0/6] [GIT PULL ipvs-next] IPVS updates for v5.5
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [libnftnl PATCH] obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 0/8] Improve iptables-nft performance with large rulesets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [iptables PATCH v4 1/8] nft-cache: Introduce cache levels
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [nft PATCH 4/4] rule: Fix for single line ct timeout printing
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH 3/4] tests/monitor: Fix for changed ct timeout format
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [nft PATCH 1/4] monitor: Add missing newline to error message
- From: Florian Westphal <fw@xxxxxxxxx>
Re: [PATCH net-next,v5 3/4] net: flow_offload: mangle action at byte level
- From: Jakub Kicinski <jakub.kicinski@xxxxxxxxxxxxx>
[nft PATCH 4/4] rule: Fix for single line ct timeout printing
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 1/4] monitor: Add missing newline to error message
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 0/4] A bunch of fixes for --echo option
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 2/4] Revert "monitor: fix double cache update with --echo"
- From: Phil Sutter <phil@xxxxxx>
[nft PATCH 3/4] tests/monitor: Fix for changed ct timeout format
- From: Phil Sutter <phil@xxxxxx>
[libnftnl PATCH] obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser
- From: Phil Sutter <phil@xxxxxx>
feature request, way to check specific IP/port/protocol/etc
- From: Dmitri Seletski <drjoms@xxxxxxxxx>
Re: [PATCH nftables v2 1/2] cli: add linenoise CLI implementation.
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
[PATCH nf-next 5/5] netfilter: nf_tables: support for multiple devices per netdev hook
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 4/5] netfilter: nf_tables_offload: remove rules on unregistered device only
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/5] netfilter: nf_tables_offload: add nft_flow_cls_offload_setup()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/5] netfilter: nf_tables_offload: Pass callback list to nft_setup_cb_call()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/5] netfilter: nf_tables_offload: add nft_flow_block_chain()
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 0/5] Hook multiple netdevices to basechain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 2/4] netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 4/4] netfilter: nf_tables: increase maximum devices number per flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 3/4] netfilter: nf_tables: allow only one netdev per flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 1/4] netfilter: nf_flow_table: move priority to struct nf_flowtable
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH nf-next 0/4] flowtable updates
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH nftables v2 1/2] cli: add linenoise CLI implementation.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]